CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38302
https://notcve.org/view.php?id=CVE-2024-38302
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. Dell Data Lakehouse, versión(es) 1.0.0.0, contiene una vulnerabilidad de cifrado faltante de datos confidenciales en DDAE (Starburst). • https://www.dell.com/support/kbdoc/en-us/000227053/dsa-2024-303-security-update-for-dell-data-lakehouse-system-software-for-multiple-security-vulnerabilities • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40633 – Customer data leak via adjustments API endpoint in Sylius
https://notcve.org/view.php?id=CVE-2024-40633
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the `/api/v2/shop/adjustments/{id}` endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve order tokens. Using these tokens, an attacker can access guest customer order details - sensitive guest customer information. The issue is fixed in versions: 1.12.19, 1.13.4 and above. • https://github.com/Sylius/Sylius/security/advisories/GHSA-55rf-8q29-4g43 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42010 – IBM Sterling B2B Integrator Standard Edition information disclosure
https://notcve.org/view.php?id=CVE-2023-42010
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.2 podría revelar información confidencial en la respuesta HTTP utilizando técnicas de intermediario. ID de IBM X-Force: 265507. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265507 https://www.ibm.com/support/pages/node/7160433 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-23467 – SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23467
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-23475 – SolarWinds Access Rights Manager Directory Traversal and Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23475
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •